what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Linux Security Advisory 1529-1

Debian Linux Security Advisory 1529-1
Posted Mar 27, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1529-1 - Multiple security problems have been discovered in the Firebird database, which may lead to the execution of arbitrary code or denial of service. This Debian security advisory is a bit unusual. While it's normally their strict policy to backport security bugfixes to older releases, this turned out to be infeasible for Firebird 1.5 due to large infrastructural changes necessary to fix these issues.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2008-0387, CVE-2008-0467, CVE-2006-7211, CVE-2007-4664, CVE-2007-4665, CVE-2007-4666, CVE-2007-4667, CVE-2007-4668, CVE-2007-4669, CVE-2007-3527, CVE-2007-3181, CVE-2007-2606, CVE-2006-7212, CVE-2006-7213, CVE-2006-7214
SHA-256 | 1712f868cb7a8eae510a6a9ed3e7ca416b2fec26a21461b1e87fb98b151a008d

Debian Linux Security Advisory 1529-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1529-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
March 24, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : firebird2
Vulnerability : several
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2008-0387 CVE-2008-0467 CVE-2006-7211 CVE-2007-4664
CVE-2007-4665 CVE-2007-4666 CVE-2007-4667 CVE-2007-4668
CVE-2007-4669 CVE-2007-3527 CVE-2007-3181 CVE-2007-2606
CVE-2006-7212 CVE-2006-7213 CVE-2006-7214
Debian Bug(s) : 362001 432753 444976 441405 460048 463596

Multiple security problems have been discovered in the Firebird database,
which may lead to the execution of arbitrary code or denial of service.

This Debian security advisory is a bit unusual. While it's normally
our strict policy to backport security bugfixes to older releases, this
turned out to be infeasible for Firebird 1.5 due to large infrastructural
changes necessary to fix these issues. As a consequence security support
for Firebird 1.5 is hereby discontinued, leaving two options to
administrators running a Firebird database:

I. Administrators running Firebird in a completely internal setup with
trusted users could leave it unchanged.

II. Everyone else should upgrade to the firebird2.0 packages available at
http://www.backports.org/backports.org/pool/main/f/firebird2.0/

Version 2.0.3.12981.ds1-6~bpo40+1 fixes all known issues.

Please refer to the general backports.org documentation to add the
packages to your package management configuration:
http://www.backports.org/dokuwiki/doku.php?id=instructions

These packages are backported to run with Debian stable. Since
firebird2.0 is not a drop-in replacement for firebird2 (which
is the source package name for the Firebird 1.5 packages)
these updates are not released through security.debian.org.
Potential future security problems affecting Debian stable will be
released through backports.org as well.

Arrangements have been made to ensure that Firebird in the upcoming
Debian 5.0 release will be supportable with regular backported
security bugfixes again.

For a more detailed descriptions of the security problems, please refer
to the entries in the Debian Bug Tracking System referenced above and
the following URLs:

http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf
http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf
http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf

- ---------------------------------------------------------------------------------
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH6subXm3vHE4uyloRAnHaAJ46J9dUTRLJA/nNr/r5fqvezenMAgCePrM/
JO6vfhxwzbrL8i4F6we+lZc=
=zyjo
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close